mkruer wrote:First of all, sorry to hear about the hack. I am late to the game as usual, but I have some questions about future development when it comes to security.
The hack was phpList and not at all related to phpBB.
mkruer wrote:I know a while back I brought up the idea of using hidden login/username, names that are unique but are not referenced anywhere outside of the original login. The general idea as that people do not and should not know others login/username. Because the login/username is no longer used as a descriptor, the same hashing rules can be applied to it as a password so in effect you have a double password scheme. If someone were able to get into the database, not only would they have to crack the password, but they would also need to crack the username as well; adding an additional level of security. This should be relatively easy to accomplish if there is a willingness to support this in the future.
If the user never posted and the username was ciphered then it would work, it would only really ever be useful to an admin though. If you really wanted to be secure then you could create a PHP script that only allows you to login as an admin if you are from your IP Address.
mkruer wrote:Another idea is that hashing can also be applied to e-mails addresses, but it because a bit trickier, because the e-mails need to have the ability to be reversed. Lately I have had to use PGP to secure laptops. The first part of the process is to create a master password and then encrypt the contents of the drive. Once this is accomplished, then user keys can be associated with the master password to get into the system without having to use the master password again. So using this logic, would it be reasonably possible to as hash protect the e-mails addresses as well?
I guess it could but that adds yet another layer of complexity to phpBB that many users do not agree with. Email addresses aren't something you should really be too worried about, most users sign up with a Hotmail and it is very easy to change email addresses if the email address is spammed.
Interesting topic though, perhaps in the future some of these ideas may be put into action.